JFrog uncovers multi-stage malware harvesting cloud secrets. Multi-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said Monday. The package steals credentials, configuration files, API tokens and other data from corporate cloud environments. It targets developers using the Chimera sandbox platform.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/malicious-pypi-package-targets-developer-credentials-a-28725
